PT-2018-11165 · Dell Emc · Idrac9+3

Published

2018-07-02

Updated

2019-10-09

CVE-2018-1243

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Dell EMC iDRAC6 versions prior to 2.91 Dell EMC iDRAC7/iDRAC8 versions prior to 2.60.60.60 Dell EMC iDRAC9 versions prior to 3.21.21.21

Description The issue concerns a weak CGI session ID. Sessions invoked via CGI binaries use 96-bit numeric-only session ID values. This weakness makes it easier for remote attackers to perform brute-force session guessing attacks.

Recommendations For Dell EMC iDRAC6 versions prior to 2.91, update to version 2.91 or later. For Dell EMC iDRAC7/iDRAC8 versions prior to 2.60.60.60, update to version 2.60.60.60 or later. For Dell EMC iDRAC9 versions prior to 3.21.21.21, update to version 3.21.21.21 or later.

Fix

Improperly Implemented Security Check for Standard

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-358

Related Identifiers

CVE-2018-1243

Affected Products

Idrac6

Idrac7

Idrac8

Idrac9

PT-2018-11165 · Dell Emc · Idrac9+3

CVE-2018-1243

Weakness Enumeration

Related Identifiers

Affected Products

References · 3